CVE-2022-49974 in Linux

Summary

by MITRE • 06/18/2025

In the Linux kernel, the following vulnerability has been resolved:

HID: nintendo: fix rumble worker null pointer deref

We can dereference a null pointer trying to queue work to a destroyed workqueue.

If the device is disconnected, nintendo_hid_remove is called, in which the rumble_queue is destroyed. Avoid using that queue to defer rumble work once the controller state is set to JOYCON_CTLR_STATE_REMOVED.

This eliminates the null pointer dereference.

Analysis

by VulDB Data Team • 11/30/2025

The vulnerability CVE-2022-49974 represents a critical null pointer dereference issue within the Linux kernel's HID (Human Interface Device) subsystem, specifically affecting Nintendo controller support. This flaw exists in the nintendo_hid driver component that handles communication with Nintendo Joy-Con controllers and other Nintendo gaming peripherals. The vulnerability arises from improper handling of device lifecycle management during disconnection events, creating a race condition that can lead to system instability and potential privilege escalation.

The technical flaw occurs when a Nintendo controller is disconnected from the system while rumble functionality is active or pending. During the removal process, the nintendo_hid_remove function is invoked which destroys the rumble_queue workqueue structure. However, the driver continues to attempt queuing rumble work items to this already destroyed queue, resulting in a null pointer dereference when the system tries to access memory locations that no longer exist. This represents a classic use-after-free vulnerability pattern where resources are accessed after they have been released, violating fundamental memory safety principles. The vulnerability is classified as CWE-476 Null Pointer Dereference, which falls under the broader category of memory safety issues that can lead to system crashes or exploitation.

The operational impact of this vulnerability extends beyond simple system crashes, potentially affecting gaming experiences and system stability on Linux platforms that support Nintendo controllers. When the null pointer dereference occurs, it typically results in a kernel oops or system crash, forcing users to reboot their systems. In certain scenarios, this vulnerability could be exploited by malicious actors to gain unauthorized access to system resources, particularly if the kernel's memory management is manipulated to execute arbitrary code. The issue specifically affects systems running Linux kernels with the nintendo_hid driver enabled, making it relevant to gaming platforms, desktop systems, and embedded devices that support Nintendo controller connectivity.

Mitigation strategies for CVE-2022-49974 involve applying the official kernel patch that ensures proper state checking before attempting to queue work to the rumble queue. The fix implements a check to verify that the controller state is not set to JOYCON_CTLR_STATE_REMOVED before queuing any rumble work items, preventing access to the destroyed workqueue. System administrators should prioritize updating their Linux kernel versions to include this patch, particularly those running systems with active Nintendo controller support. Additionally, monitoring for kernel oops messages or system crashes related to HID subsystem operations can help identify vulnerable systems. Organizations using Linux-based gaming platforms or embedded systems with Nintendo controller support should conduct vulnerability assessments to ensure complete remediation. This vulnerability aligns with ATT&CK technique T1068 Exploitation for Privilege Escalation, as improper resource handling in kernel space can potentially be leveraged for elevated privileges, making timely patching essential for maintaining system security posture.
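The state check described above, shown as an added userspace C model; it is not the kernel patch and not code from this page. Only `rumble_queue` and `JOYCON_CTLR_STATE_REMOVED` come from the advisory; the `model_*` types, `MODEL_STATE_ACTIVE` and the function names are hypothetical, and the unchecked path reports the fault as -1 where the kernel would oops.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model. Only rumble_queue and JOYCON_CTLR_STATE_REMOVED are names
 * from the advisory; every other identifier is hypothetical. */
enum ctlr_state { MODEL_STATE_ACTIVE, JOYCON_CTLR_STATE_REMOVED };
struct model_wq { int pending; };   /* stand-in for a kernel workqueue */
struct model_ctlr { enum ctlr_state ctlr_state; struct model_wq *rumble_queue; };

/* Pre-fix: queue with no state check. Returns 1 if queued, -1 where the
 * kernel would dereference NULL (the model reports instead of crashing). */
static int queue_rumble_unchecked(struct model_ctlr *c)
{
    if (c->rumble_queue == NULL)
        return -1;
    c->rumble_queue->pending++;
    return 1;
}
/* Fixed: skip deferral once the controller is marked removed (returns 0).
 * Single-threaded model, so the locking a driver needs here is omitted. */
static int queue_rumble_checked(struct model_ctlr *c)
{
    if (c->ctlr_state == JOYCON_CTLR_STATE_REMOVED)
        return 0;
    return queue_rumble_unchecked(c);
}
/* Models the remove path: mark removed, then destroy the queue. */
static void model_remove(struct model_ctlr *c)
{
    c->ctlr_state = JOYCON_CTLR_STATE_REMOVED;
    free(c->rumble_queue);
    c->rumble_queue = NULL;
}
/* Queue while connected, disconnect, queue again; returns the last result. */
static int run_disconnect_scenario(int use_fix)
{
    struct model_ctlr c = { MODEL_STATE_ACTIVE, calloc(1, sizeof(struct model_wq)) };
    int (*queue)(struct model_ctlr *) = use_fix ? queue_rumble_checked : queue_rumble_unchecked;
    if (c.rumble_queue == NULL || queue(&c) != 1)
        return -2;   /* setup failed */
    model_remove(&c);
    return queue(&c);
}

int main(void)
{
    printf("unchecked=%d checked=%d\n", run_disconnect_scenario(0), run_disconnect_scenario(1));
    return 0;
}
```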

Responsible

Linux

Reservation

06/18/2025

Disclosure

06/18/2025

Moderation

accepted

CPE

ready

EPSS

0.00175

KEV

no

Activities

very low
